Written correspondence to Ms Rosie Williams from the ABS follows. As of the time of publication of this media statement, none of the factual inaccuracies in the article have been corrected.
I am writing in relation to your article published on 28 March 2019 on TableBuilder. We appreciate you linking to one of our media statements and there are some points within your article that we would like to clarify.
Firstly, TableBuilder is not an API. It is an online tool that allows registered users to query data whereas an API is a system that allows the machine-machine transfer of data.
Also, your article implied that the data sitting behind TableBuilder is simply de-identified raw Census data with the ABS ‘simply removing name and address fields from census data’. This is a misrepresentation of the range of other measures to ensure the privacy of our data, as noted in the media response to which you linked.
The data that sits behind TableBuilder is not only de-identified but also has had a range of other protections applied to safeguard privacy, for example, many characteristics are put into groups (eg industry or occupation groups), and specific identifiable characteristics like date of birth are removed. We also add perturbation to the raw data and are stringent in monitoring patterns of use. Not all our mitigation measures were disclosed to the researchers at Macquarie University (again, as highlighted in the media statement).
We also challenge your statement that we summarily dismissed the findings of Dr Dali Kafaar’s research. Having worked with Dr Dali Kafaar and his team, we put in place measures designed to address their theoretical vulnerability. This was referenced in an earlier ABS media statement. We continue to monitor patterns of usage.
Much of the ongoing work the ABS undertakes to identify and address risks to the security of our data involves collaboration with researchers from Australia and overseas. To only work with ‘the same or similar individuals and teams’ would be in contrast to our aim to learn from best practice.
Your article also canvasses issues related to the privacy of data. The ABS is subject to the Privacy Act 1988 and to the Australian Privacy Principles contained within it. The ABS is also bound by the secrecy requirements of the Census and Statistics Act 1905 which prohibits the release of information collected for a statistical purpose in a manner that is likely to lead to the identification of any person or business.
Australian Privacy Principle 6 stipulates that information collected for one reason cannot be used or disclosed for a secondary reason unless any of a range of conditions is met. While these include the affected individual providing consent there are also other conditions, among them that:
- · the affected individual has consented to the disclosure; or
· the affected individual would reasonable expect an agency to disclose their personal information for the secondary purpose; or
· the disclosure of information is authorised or required by another Australian law.
These conditions do not require a service being directly or indirectly provided to the affected individual.
Finally, the Data Sharing and Release Act will not override the Privacy Act. Any disclosure of personal information or personal which is authorised or required under Australian law meets the requirements of the Privacy Act and the Australian Privacy Principles by virtue of the condition in Australian Privacy Principle 6 that the disclosure of information is authorised or required by another Australian law.